PHP Scripts Mall Charity Foundation Script 1 through 3 allows directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. Date published : 2019-03-20 https://gkaim.com/cve-2018-20628-vikas-chaudhary/
PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box. Date published : 2019-03-20 https://gkaim.com/cve-2018-20627-vikas-chaudhary/
PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. Date published : 2019-03-20 https://gkaim.com/cve-2018-20626-vikas-chaudhary/
PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3)...
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. Date published : 2019-03-20 http://www.securityfocus.com/bid/107523 https://seclists.org/bugtraq/2019/Apr/6
Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. Date published : 2019-03-20 https://seclists.org/bugtraq/2019/Apr/6 https://security.netapp.com/advisory/ntap-20190404-0001/
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. Date published : 2019-03-20 https://security.netapp.com/advisory/ntap-20190404-0001/ https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. Date published : 2019-03-20 https://seclists.org/bugtraq/2019/Apr/6 https://security.netapp.com/advisory/ntap-20190404-0001/
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. Date published : 2019-03-20 https://seclists.org/bugtraq/2019/Apr/6 https://security.netapp.com/advisory/ntap-20190404-0001/
libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations. Date published...
In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion....
** DISPUTED ** cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than...
JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi). Date published : 2019-03-20 https://www.exploit-db.com/exploits/46633/ http://packetstormsecurity.com/files/152361/JioFi-4G-M2S-1.0.2-Cross-Site-Request-Forgery.html
cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter. Date published : 2019-03-20 https://www.exploit-db.com/exploits/46752/ http://packetstormsecurity.com/files/152626/JioFi-4G-M2S-1.0.2-Denial-Of-Service.html